China-based online services are fighting fraud from within

With the development of technology, fraudsters are becoming increasingly sophisticated. They are tech-savvy, open to new software and tools, and have developed multiple advanced techniques so that fake accounts blend in with normal users.

The total estimated cost of global fraud is greater than US$ 50 billion per year, and global losses on credit, debit, prepaid general purpose, and private label payment cards reached US$ 16.31 billion last year, according to a recent report from fraud detection vendor DataVisor.

Fraudsters are everywhere. The report details the countries hosting the highest number of fraudulent accounts that target online services based in North America and Europe. The US and China host the highest number of fraudulent accounts, but Southeast Asia and Eastern Europe are producing their fair share of malicious accounts as well.

While online properties based in North America and Europe are attacked by global fraudsters, China-based online services are attacked more by fraudsters in their immediate region.

Ninety-five percent of fraudulent accounts that target China-based services originate from within China. It is interesting to note that most of the coastal provinces are highlighted as the regions where fraudulent accounts were hosted, likely due to larger populations in those locations and the presence of fraudster communities in bigger cities.

Online fraud is becoming a serious problem for China. Liewang Platform, a website where internet users on the mainland can report online fraud cases, reports that online fraud victims in China were each cheated of over RMB 9,400 (around US$ 1,360) on average last year, a 90% jump from 2015.

To some extent, the prevalence of online fraud in China is aggravated by the fact that the country is dominated by Android, which controls 79.9% of the market, according to data from Kantar.

DataVisor’s research found that Android, being an open source operating system that gives users (including fraudsters) the flexibility to make system-level customizations and add new features, is more vulnerable to attacks. There are 3x more fraudulent accounts from Android devices than from iOS devices. Overall, 74% of the fraudulent accounts come from the Android platform, versus 25% from iOS.

Furthermore, there are more apps available for Android than for iOS, some of which are specifically designed to spoof GPS location services on the device, forge network requests, automate human-like activities, or provide other functionality convenient for conducting fraud. A user on an Android device is 8x more likely to be fraudulent than a user on an iOS device. When an online service is “mobile only,” criminals will opt for Android as the best platform for attacks, according to DataVisor.

While everything is moving toward mobile, fraudsters and their armies of fake accounts appear to prefer desktop platforms. Data from the report shows 82% of fake accounts originated from desktop machines, compared to only 18% from mobile platforms. The vulnerability of the PC platform is largely due to the lack of reliable device fingerprints that can be used to uniquely track web users.

Creating the appearance of a different user can be as simple as clearing the browser cookies and/or spoofing the user-agent string. By contrast, mobile apps sit directly on the device and can collect more accurate device identifiers or monitor user behavior within the app, making it harder for fake accounts to avoid detection. It is also much easier for fraudsters to use emulation software on a desktop to create hundreds or thousands of virtual devices, each of which appears to be a unique, legitimate user.
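
The desktop weakness described above can be seen from the defender's side in a few lines of Python. This is an added example, not code or data from the DataVisor report: the event fields, the sample events, the choice of source IP as the grouping key, and the `min_accounts` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed events (not real data): (account, ip, cookie, user_agent).
# IP addresses are taken from documentation ranges.
EVENTS = [
    ("a1", "203.0.113.7", "c1", "Chrome/58 Windows"),
    ("a2", "203.0.113.7", "c2", "Firefox/53 Linux"),
    ("a3", "203.0.113.7", "c3", "Safari/10 macOS"),
    ("a4", "203.0.113.7", "c4", "Edge/15 Windows"),
    ("a5", "203.0.113.7", "c5", "Opera/45 Windows"),
    ("b1", "198.51.100.20", "c6", "Chrome/58 Windows"),
    ("b1", "198.51.100.20", "c6", "Chrome/58 Windows"),  # returning user, same cookie
    ("b2", "198.51.100.21", "c7", "Firefox/53 macOS"),
]


def naive_device_count(events):
    """Count 'devices' the way a cookie + user-agent fingerprint would."""
    return len({(cookie, ua) for _, _, cookie, ua in events})


def suspicious_sources(events, min_accounts=4):
    """Flag source IPs where the cheap identifiers rotate while the origin stays fixed.

    A source is flagged when it produced at least min_accounts accounts,
    every account arrived with its own fresh cookie, and the user-agent varied.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)

    flagged = {}
    for ip, group in by_ip.items():
        accounts = {e[0] for e in group}
        cookies = {e[2] for e in group}
        agents = {e[3] for e in group}
        if len(accounts) >= min_accounts and len(cookies) == len(accounts) and len(agents) > 1:
            flagged[ip] = {"accounts": len(accounts), "user_agents": len(agents)}
    return flagged


if __name__ == "__main__":
    print("devices by cookie + user-agent:", naive_device_count(EVENTS))
    print("flagged sources:", suspicious_sources(EVENTS))
```

The cookie and user-agent fingerprint counts seven separate devices, while grouping by origin shows five of them are one source. A shared address such as an office or carrier NAT would trip the same rule, so a signal like this is a reason to look closer, not a verdict.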